Security advisories for chainguard.dev/melange

Columns: severity, CVSS score, CVE (where the listing assigns one), advisory title, affected version range.

HIGH    8.2  CVE-2026-24843  melange QEMU runner could write files outside workspace directory                                  affected: >= 0.11.3, < 0.40.3
HIGH    7.9  CVE-2026-24844  melange pipeline working-directory could allow command injection                                   affected: >= 0.3.0, < 0.40.3
HIGH    7.8  -               melange affected by potential host command execution via license-check YAML mode patch pipeline   affected: >= 0.10.0, < 0.40.3
MEDIUM  6.1  -               melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses       affected: >= 0.32.0, < 0.43.4
MEDIUM  5.5  -               melange has a path traversal in license-path which allows reading files outside workspace        affected: >= 0.14.0, < 0.40.3
MEDIUM  4.4  -               melange's world-writable permissions expose SBOM files to potential image tampering                affected: >= 0.23.0, < 0.29.5
MEDIUM  4.3  -               `melange update-cache` has unbounded HTTP download that can exhaust disk in CI                     affected: from 0, <= 0.40.5
LOW     3.3  -               melange has Path Traversal via .PKGINFO in --persist-lint-results                                  affected: >= 0.32.0, < 0.43.4
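Four of the entries above (the QEMU runner writing outside the workspace, license-path, pipeline[].uses, and .PKGINFO under --persist-lint-results) are the same class of bug: a path taken from build input is resolved without confirming that the result still lies inside the workspace root. The listing does not describe how any of these were introduced or fixed, so the following is an added, generic illustration of the check itself, written in Go because melange is a Go project. It is not melange's code; the function name ResolveInWorkspace, the root "/work", and the sample inputs are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideWorkspace is returned for any input that would resolve outside
// the workspace root.
var ErrOutsideWorkspace = errors.New("path escapes workspace")

// ResolveInWorkspace joins an untrusted relative path (think of a license-path
// value, a pipeline "uses:" reference, or a filename read from package
// metadata; these are illustrative inputs, not melange's actual fields) onto
// the workspace root and rejects anything that does not stay inside the root.
// The check is lexical only: it does not follow symlinks, so code that later
// opens the result should also verify the real path with
// filepath.EvalSymlinks once the file exists.
func ResolveInWorkspace(root, untrusted string) (string, error) {
	if untrusted == "" {
		return "", fmt.Errorf("%w: empty path", ErrOutsideWorkspace)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// An absolute input would make Join discard nothing but still land
	// outside the root, so refuse it outright rather than relying on Rel.
	if filepath.IsAbs(untrusted) {
		return "", fmt.Errorf("%w: absolute path %q", ErrOutsideWorkspace, untrusted)
	}
	// Join cleans the result: "a/../b" becomes "b", but "../x" still escapes.
	candidate := filepath.Join(absRoot, untrusted)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	// After cleaning, an escape shows up as a leading ".." component. A plain
	// prefix check on ".." alone would wrongly reject names like "..foo".
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %s", ErrOutsideWorkspace, untrusted, candidate)
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs: one benign, three attempts to escape.
	for _, p := range []string{"licenses/LICENSE", "../../etc/passwd", "/etc/passwd", "a/../../x"} {
		got, err := ResolveInWorkspace("/work", p)
		fmt.Printf("%-20q -> %q %v\n", p, got, err)
	}
}
```

The important ordering is that the input is joined and cleaned first and the containment check is done on the cleaned result; checking the raw string for ".." misses encodings such as "a/../../x", which only escapes after normalization. Go 1.20 and later also offer filepath.IsLocal for the lexical part of this test. Note that none of this addresses the command-injection, world-writable-SBOM or unbounded-download entries, which are different bug classes.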